Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/V-OJS7n-tClzLYoutvszAGhYUO4.roa
File:                     V-OJS7n-tClzLYoutvszAGhYUO4.roa (raw, json)
Hash identifier:          plyDzUE+bTSt121p7JpTI11birjcMFkAQUHN+FtPtRU=
Subject key identifier:   57:E3:89:4B:B9:FE:B4:29:73:2D:8A:2E:B6:FB:33:00:68:58:50:EE
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       019A07E4741239982B63B42D3D24ADEDC2DB
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/V-OJS7n-tClzLYoutvszAGhYUO4.roa
Signing time:             Tue 21 Oct 2025 17:50:03 +0000
ROA not before:           Tue 21 Oct 2025 17:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213294
IP address blocks:        2a11:3442::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:e4:74:12:39:98:2b:63:b4:2d:3d:24:ad:ed:c2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Oct 21 17:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e3894bb9feb429732d8a2eb6fb3300685850ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:dd:28:46:d6:42:8c:e7:c1:b0:d8:ca:4c:b4:
                    5d:bb:15:cc:7d:b2:7d:fb:55:d1:64:96:16:ea:a8:
                    90:41:1e:3f:2e:b9:ba:2b:16:ce:27:5e:d0:2f:03:
                    4b:74:15:de:a6:9f:6d:7d:21:04:28:91:76:45:a5:
                    4c:cf:05:f2:b0:c6:90:74:21:dc:56:26:e2:85:8a:
                    a8:e2:6e:c2:d5:83:bd:40:72:b8:d4:eb:6a:3d:f7:
                    97:3c:0a:7c:96:7f:90:5e:70:0b:db:92:ad:1c:34:
                    15:1b:41:d5:2a:a3:73:63:23:68:76:a7:e0:12:39:
                    ad:f8:17:66:93:2c:db:dc:72:c1:a1:11:5f:08:9a:
                    59:33:fe:51:aa:e9:ef:c2:23:df:db:2f:43:01:bd:
                    cd:97:8b:51:e6:b5:c9:c5:f1:d6:8f:af:f2:40:c7:
                    86:1a:30:99:15:a6:ec:e7:ed:29:6a:15:f6:17:49:
                    38:80:8f:91:d9:9d:2f:18:c3:61:b6:02:c3:78:23:
                    eb:22:c8:46:36:53:cb:49:88:49:45:1a:0b:f2:47:
                    6c:8c:c4:02:60:be:3f:0d:f2:79:87:07:15:1f:09:
                    dc:9d:27:76:fe:db:84:90:03:74:b6:42:44:61:c1:
                    1d:a1:65:2d:13:1b:fb:35:58:d7:87:a5:30:f7:a1:
                    1a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E3:89:4B:B9:FE:B4:29:73:2D:8A:2E:B6:FB:33:00:68:58:50:EE
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/V-OJS7n-tClzLYoutvszAGhYUO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:3442::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:e9:b6:27:e0:03:49:5c:55:d7:73:4c:57:9f:fb:cf:dc:83:
         62:9f:e6:b6:dd:a1:8b:47:42:0c:ca:ce:fd:5c:8d:7b:a5:ca:
         39:80:d4:19:2e:65:e8:f3:75:5c:d9:5a:0a:eb:56:a3:5c:2f:
         dc:03:86:1c:27:5b:fe:f2:b3:ce:ea:26:ba:04:e0:a4:4f:e7:
         42:c4:9a:69:2d:8e:88:50:16:00:7a:6e:72:52:9a:b6:42:92:
         f1:11:06:06:d4:88:65:1c:b7:85:79:3e:3e:ef:07:23:0e:f7:
         f5:a1:a7:ee:1e:60:33:86:ab:b1:b4:fc:b5:d8:0f:c4:cd:c3:
         c5:7f:0c:06:3e:49:72:a2:98:2a:ad:3c:43:1e:e3:7b:0a:81:
         9b:a3:5f:94:7f:75:70:55:66:e7:2b:a4:7f:78:65:95:84:28:
         68:af:53:a5:0d:ad:0a:4d:6d:44:18:70:e5:40:59:1f:96:35:
         11:50:8f:af:55:57:a9:67:ff:f4:b7:8e:ec:a7:f0:59:6f:cc:
         51:32:f4:b2:d4:09:08:f8:4e:c9:8d:41:fd:f6:26:cd:cc:a2:
         5a:b9:57:f0:35:95:09:a4:0f:95:51:e8:db:2a:35:c8:0d:38:
         b3:3c:61:a3:36:09:38:ae:5c:28:6d:d9:16:6a:0b:2b:0f:78:
         85:d0:03:58
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoH5HQSOZgrY7QtPSSt7cLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUxMDIxMTc1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UzODk0YmI5ZmViNDI5NzMyZDhhMmViNmZiMzMwMDY4NTg1MGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA490oRtZCjOfBsNjKTLRduxXMfbJ9
+1XRZJYW6qiQQR4/Lrm6KxbOJ17QLwNLdBXepp9tfSEEKJF2RaVMzwXysMaQdCHc
VibihYqo4m7C1YO9QHK41OtqPfeXPAp8ln+QXnAL25KtHDQVG0HVKqNzYyNodqfg
Ejmt+Bdmkyzb3HLBoRFfCJpZM/5RqunvwiPf2y9DAb3Nl4tR5rXJxfHWj6/yQMeG
GjCZFabs5+0pahX2F0k4gI+R2Z0vGMNhtgLDeCPrIshGNlPLSYhJRRoL8kdsjMQC
YL4/DfJ5hwcVHwncnSd2/tuEkAN0tkJEYcEdoWUtExv7NVjXh6Uw96Ea9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFfjiUu5/rQpcy2KLrb7MwBoWFDuMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvVi1PSlM3bi10Q2x6TFlvdXR2c3pBR2hZVU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhE0QjAN
BgkqhkiG9w0BAQsFAAOCAQEATem2J+ADSVxV13NMV5/7z9yDYp/mtt2hi0dCDMrO
/VyNe6XKOYDUGS5l6PN1XNlaCutWo1wv3AOGHCdb/vKzzuomugTgpE/nQsSaaS2O
iFAWAHpuclKatkKS8REGBtSIZRy3hXk+Pu8HIw739aGn7h5gM4arsbT8tdgPxM3D
xX8MBj5JcqKYKq08Qx7jewqBm6NflH91cFVm5yukf3hllYQoaK9TpQ2tCk1tRBhw
5UBZH5Y1EVCPr1VXqWf/9LeO7KfwWW/MUTL0stQJCPhOyY1B/fYmzcyiWrlX8DWV
CaQPlVHo2yo1yA04szxhozYJOK5cKG3ZFmoLKw94hdADWA==
-----END CERTIFICATE-----